search

oasis-tcs / openc2-oc2ls

OASIS OpenC2 TC: GitHub repository used to propose and track changes to the OpenC2 Language Specification as new working draft level revisions are created and the associated CSDs mature
https://github.com/oasis-tcs/openc2-oc2ls
Other
15 stars 19 forks source link

Property name for profile-defined Targets #348

Open davaya opened 4 years ago

davaya commented 4 years ago

The Target property table in the CS 1.0 Language Spec Section 3.3.1.2 does not include an example SLPF target that was included in CSPRD 01, but it still has Actuator (3.3.1.3) and Results (3.3.2.2) SLPF examples. But Section 3.1.4 (Extensions) does contain an example Target that is inconsistent with the Args, Actuator, and Results examples contained in the same section.

As discussed in Issue #342, section 3.1.4 contains an incorrect description of NSIDs (which are prefixes used in Type references and have nothing to do with property names). The Target example in that section needs to be fixed, in one of two ways:

1) Make the target example consistent with the args, actuator, and results examples (the preferred approach):

{
    "action": "delete",
    "target": {
        "slpf": {
            "rule_number": 1234
        }
    }
}

Pull Request #349 assumes that this approach is used, and updates the "pairs" example to use the JSON Pointer standard (RFC 6901) to refer to profile-defined targets.

2) Make the target property name be a JSON Pointer. This is a confusing approach, but if we want to define targets using property names that are pointers to profile-defined properties, then target property names must follow the RFC 6901 syntax:

{
    "action": "delete",
    "target": {
        "slpf/rule_number": 1234
    }
}
dmg2 commented 4 years ago

I always thought this was odd, I am not sure why we went this route, but I believe it was originally on purpose. Perhaps here we can revisit, I rather have uniformity if possible were it makes sense. I like approach one.

davaya commented 4 years ago

Approach 1 is the correct structure for OpenC2 commands.

The current odd command structure:

{
    "action": "delete",
    "target": {
        "slpf:rule_number": 1234
    }
}

was originally done on purpose because we needed a name for targets to put in the query pairs response. But people didn't realize that JSON Pointer (RFC 6901) is the standard way to do that. So they used the same odd string as a property name as they did for the query response (https://docs.oasis-open.org/openc2/oc2ls/v1.0/cs02/oc2ls-v1.0-cs02.html#annex-c-design-elements)

        "delete": ["slpf:rule_number"],

The correct way is to define the command normally as in Approach 1, and then use a JSON Pointer string as the name of the target:

        "delete": ["slpf/rule_number"],
dlemire60 commented 2 years ago

PR #349, referenced in the opening description of the issue has been merged. What other changes are needed to completely resolve this issue?

dlemire60 commented 2 years ago

Discussed at triage; @davaya will take action to review examples and see if they've been fixed.